I have two services that I want map onto a single https endpoint - just on different routes.
/ -> web
/api -> nodejs
This is the config for traefik
args = [
# api
"--api.insecure=true",
"--entrypoints.traefik.address=127.0.0.1:8080",
# consul
"--providers.consulCatalog=true",
"--providers.consulCatalog.prefix=traefik",
"--providers.consulCatalog.exposedByDefault=false",
# ports
"--entrypoints.web.address=:80",
"--entrypoints.websecure.address=:443",
"--entrypoints.websecure.http.tls=true",
# redirects
"--entrypoints.web.http.redirections.entrypoint.to=websecure",
"--entrypoints.web.http.redirections.entrypoint.scheme=https",
# certificats
"--entrypoints.websecure.http.tls.certResolver=le",
"--certificatesresolvers.le.acme.email=tcurdt@foo.com",
"--certificatesresolvers.le.acme.storage=/acme.json",
"--certificatesresolvers.le.acme.tlschallenge=true",
"--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory",
]
and these are the services
service {
name = "web"
tags = [
"traefik.enable=true",
"traefik.http.routers.web.entrypoints=websecure",
"traefik.http.services.web.loadbalancer.server.port=${NOMAD_PORT_web}",
# "traefik.http.routers.web.rule=Host(`example.com`)",
"traefik.http.routers.web.rule=HostRegexp(`{host:.+}`)",
"traefik.http.routers.web.tls=true",
"traefik.http.routers.web.tls.certresolver=le",
]
}
service {
name = "nodejs"
tags = [
"traefik.enable=true",
"traefik.http.routers.nodejs.entrypoints=websecure",
"traefik.http.services.nodejs.loadbalancer.server.port=${NOMAD_PORT_nodejs}",
# "traefik.http.routers.nodejs.rule=Host(`example.com`)",
"traefik.http.routers.nodejs.rule=HostRegexp(`{host:.+}`)",
"traefik.http.routers.nodejs.tls=true",
"traefik.http.routers.nodejs.tls.certresolver=le",
]
}
The route matching is still missing but the bit that really trips me off is the TLS config.
IMO it should be on the websecure entrypoint - not on the individual routers.
How should this look like?